Example: Matching on Destination Port and Protocol Fields
The first term matches all packets except for TCP and UDP packets, so only TCP and UDP packets are evaluated by the third term (term test-a-port):
[edit]firewall {family inet {filter test-filter {term all-but-tcp-and-udp {from {protocol-except [tcp udp];}then accept;}term test-an-address {from {address 192.168/16;}then reject;}term test-a-port {from {destination-port [ssh dns];}then accept;}term dump-anything-else {then reject;}}}}
